Safeguarding your data is one of our foremost objectives. Office 365 uses a defense-in-depth approach to provide industry-leading security for our datacenters and customer data. We also give you enterprise-grade user and administrative controls to further secure your IT environment.

Proactive approach to regulatory compliance

We have built more than 1,100 controls into the Office 365 compliance framework that enable us to stay up-to-date with frequent changes to industry standards.

A specialist compliance team continuously tracks standards and regulations, developing common control sets for our product teams to build into our services.

Customer controls for organizational compliance

Legal hold and eDiscovery built into Office 365 help you find, preserve, analyze, and package electronic content for a legal request or investigation. Privacy controls allow you to configure who in your organization has access to data, and what data they can access.

Compliance offerings

Data ownership and what it means

You are the owner of your data; Microsoft is the custodian or processor of your data. It’s your data, so at any time during your subscription, you can take your data with you. This means you don’t have to wait for a subscription to end or a contract to expire.

We do not mine your data for advertising purposes. We only use your data to provide you with the services you have purchased, including purposes compatible with providing those services.

Our role as data processor

We use your data only for purposes that are consistent with providing you the services you pay us for. Microsoft engineers do not have standing access to any service operation. Customer Lockbox provides customers with control over access to their content in Exchange Online and SharePoint Online. Customer Lockbox makes customers part of the explicit approval path in the rare instance when a Microsoft engineer may need access to customer data to resolve a customer issue.

Microsoft provides many disclosures to help stakeholders evaluate how we are meeting our commitments to corporate responsibility. We regularly disclose the number of law enforcement requests we receive through our transparency reports.

If a government approaches us for access to your data, we redirect the inquiry to you whenever possible. We have challenged invalid legal demands that prohibited disclosure of a government request for customer data.

Privacy controls

Privacy controls enable you to configure who in your organization has access to data and what they can access.

Logical separation prevents mingling of your data with that of other organizations using Office 365.

Data location and access

We maintain multiple copies of your data across datacenters for redundancy, we share with you where your data is located, and we provide one-month advance notice if we expand into a new country in the region where your data is stored.